There are been a dramatic rise in investment and interest in the Security Event Management (SEM) space. Fueled by an increasing number of cyber attacks and various compliance regulations, computer and network security practitioners use SEM tools to analyze huge volumes of logged security event data to identify threats in real time. These SEM tools have evolved from mechanisms that collect, normalize, store, index and report log data to more intelligent systems that operate using rule-based correlation engines to analyze enriched event data (e.g., using identity injection, asset relevance injection, etc.) in real time to identify potential violations of compliance and security policies. In some cases, a great deal of reliance is placed on these correlation engines to ensure that security policies have not been violated.